1. Download and install the Sonicwall 64-bit VPN client from HERE (as of this writing).

2. Install the Cisco VPN client. Edit: If you get an error that it cannot run on this operating system then just extract the .exe file using WinRar or a similar program and run the .msi file. Problem solved.

The first two steps worked for me without the need for registry edit. I checked and the settings were already spelled correctly on my machine. Full disclosure my systems are clean Windows 10 installs without being upgrades.

Without installing the Sonicwall client first you will get Error 433 after trying to connect. Checking the logs shows that it cannot download the key to complete the secure connection.

What happens is that the Sonicwall client adds the DNE Lightweight filter network client on the machine. I tried getting it directly from Citrix and installing it that way but was unsuccessful.

Using this method you can now get some more use out of the Cisco VPN client. If you prefer you can uninstall the Sonicwall client afterward. I've been told by several people that the DNE software remains even after the Sonicwall client is removed.

Build 1709 Fall Creator's Update

WARNING: You should uninstall the Cisco VPN client prior to running this upgrade so repairing it afterward will make it much easier. All of the steps above still work on this latest "Fall Creator's Update" upgrade of Windows 10.

Build 1703 Creator's Update EDIT: Updated 04/11/2017

WARNING: You should uninstall the Cisco VPN client prior to running this upgrade so repairing it afterward will make it much easier. All of the steps above still work on this latest "Creator's Build" upgrade of Windows 10.

Now for the not-so-fun-details. I didn't uninstall prior to the upgrade and proceeded to spend the next 30 minutes clearing out registry entries until I finally found the right one to let me reinstall the product using the .MSI file. After doing that, and making the registry edit, my VPN client is again working properly.

Version 1607 Build 14393.10 EDIT: Updated 08/03/2016

All of the steps above still work on this latest "Anniversary" build of Windows 10. As with the 1511 build mentioned below, you will have to run a repair on the program or just do a clean install to get it working because Microsoft yet again determined that they would control which program we use.

You can go HERE to download the latest version of the media downloader and get version 1607.

And not to be left out HERE is a link to all of the new features in 1607 for IT pros.

As I update my Windows 10 machines I'll post updates if there are any issues or errors I run across with this build. As I always say.... good luck.

BUILD 1511 EDIT: Updated 1/20/2016

I'm getting a lot of feedback about networking being broken after 1511. I would highly advise you remove the Cisco VPN client and Sonic Global client software prior to installing build 1511.

I have now upgraded three different systems to 1511. By removing both the Sonicwall and Cisco VPN software first, I had zero issues with it working properly afterward.

However, if the upgrade went through already, here's what you can do to help mitigate these issues. There's no guarantee this is going to work but I have had two instances where the Cisco VPN software was removed by the 1511 upgrade and I was able to get it working by following the next steps below:

First just reinstall the VPN client using the .MSI file and not the .EXE file. This will bypass Windows 10 checking the compatibility as I listed at the top. Next just make the registry edits again and you'll be good to go. After the registry edits, I have not had to restart but you can if you feel the need just to be sure.

If this does not work as an extra effort you will need to reset all networking on Windows 10. Luckily this is pretty easy to do.

I hope this helps out with the additional headaches caused by 1511. As always if I find any more useful information with future updates to Windows 10 that affect this software, I'll be sure to update the post.

Friday, March 10, 2017

I ran into this issue with two Domain Controllers that would not replicate. DC2 was getting this error: "The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime"

Below are the steps I went through in order to remedy this situation and worked like a charm.

1. Verify which Domain Controller raised the 8614 error by using:

> repadmin /showreplor> repadmin /showreps

* Run this command line in any DC not DC-A.

* In addition, open Event Viewer, in Applications and Services Logs, Directory Service, you will see an error with event ID 2042

According to Mirosoft knowledge base, it's maybe because the domain controller contains what so called lingering objects: http://support.microsoft.com/kb/2020053. This is the most possible reason for the error, because everything else are OK (time, default tombstone lifetime).

Thursday, October 06, 2016

Microsoft Windows Server 2016 became officially available recently on 9/26/2016 and as I'm sure you have heard the licensing changed from a per processor model to a per core model.

Before you read any futher here's a simple thing to keep in mind when purchasing this new licensing model:

Once you have enough cores purchased (16 core minimum) to cover the metal, every 8 packs (16 cores) of licensing cover 2 more virtual machines.

The first thing that people have had a hard time understanding is the new "Per Core" licensing and even with Microsoft's own explanation it seemed impossibly hard to understand so I'm going to try to break it down simply so everyone can get a quick grasp on how it works.

FACT #1
Server 2016 licensing is sold in 2 core packs. The very minimum no matter how small your server is a 16 core purchase. Microsoft says this would be the same cost as Server 2012 R2 Standard licensing.

EXAMPLE:
You purchased a small server for a business that has only 4 cores and 8G RAM. The correct licensing for Server 2016 would be 16 cores purchased.

FACT #2
You MUST cover all cores on the server prior to taking into consideration the number of virtual machines if it is a VM host.

EXAMPLE:
Your server has 2 processors that are 12 cores each. Total of 24 cores. You plan on only running 2 virtual machines on this server. You must purchase 12 x 2 packs of Server 2016 core licensing. If you move up to 4 virtual machines guess what? You're going to need to purchase another 4 packs of licensing to cover the next two. This is a total of 16 packs and every 8 packs = 2 VMs.

FACT #3
After you have covered the number of cores on the physical server, every 8 packs (16 cores of licensing) after that will give you two more virtual machines of no more than 8 cores each.

EXAMPLE:
Your plan is to run 5 virtual machines on a server with 2 x 8 core processors. You must purchase the initial 8 packs (16 cores) to cover the server's physical processors. Then from there you must purchase another 8 packs for the next 2 virtual machines and then another 8 packs for the 5th virtual machine leaving you 1 more virtual machines you can build without needing more licensing.

So far this news isn't extremely terrible but there are two more things on top of all of this you need to know.

1. Once you approach the 8th virtual machine, it becomes more cost effective with the new licensing model to purchase the Datacenter edition. The cost is going to be very high for customers so virtual server sprawl is going to start being a real issue.

2. Microsoft says you MUST license a virtual host to carry all of your virtual machines in the event of a failure of one host. This is a massive cost purchase in the event of a multi-host virtual environment.

Let me explain that one a bit better. You have a decent sized business with three VMware hosts. Each host has 2 x 10 core processors and you're running 24 virtual machines evenly spaced out over all three hosts so you have a 3 x 8 scenario with your virtual machines.

Microsoft now says you must purchase not just a total of 96 packs (remember 2 cores per pack) but you must purchase a total of 96 packs x 3 hosts in the event that two of them were to go offline and you have to run all of your VMs on one host and because you can vMotion them around. This simply means a business would now need to purchase 288 cores of licensing to be properly licensed.

I know this is a bit wordy but I hope it makes a little better sense than all of the other confusing information out there about it. I'm confident this is correct as our licensing supplier has been through the offical training and this was how it was explained to me.

Monday, September 19, 2016

I was attempting to reinstall ESXi 6.0 on a server that had a previous datastore on a RAID 5 array. The array was missing a disk so I destroyed and recreated the array minus the missing disk and decided to just do without the storage of the one disk.

When I attempted to add the array into my fresh ESXi 6 load I got this error:

Call "HostDatastoreSystem.QueryVmfsDatastoreCreateOptions" for object "ha-datastoresystem" on ESXi "xxx.xx.xxx.xxx" failed
Not knowing how to fix this I did some research and found out a quick and easy repair.

1. Enable SSH on the VMware host.
2. Connect and run "ls -lha /vmfs/devices/disks" and this will list your disks with their disk ID.
3. Run the following command on the disk "partedUtil getptbl /vmfs/devices/disks/naa.5000c501234597a333"
This will return the following output if you have chosen the correct disk:

Error: The primary GPT table states that the backup GPT is located beyond the end of disk. This may happen if the disk has shrunk or partition table is corrupted. Fix, by writing backup table at the end? This will also fix the last usable sector appropriately as per the new reduced size. diskPath (/dev/disks/naa.5000c501234597a333) diskSize (286748000) AlternateLBA (570310655) LastUsableLBA (570310622)
Warning: The available space to /dev/disks/naa.5000c501234597a333 appears to have shrunk. This may happen if the disk size has reduced. The space has been reduced by (283562656 blocks). You can fix the GPT to correct the available space or continue with the current settings ? This will also move the backup table at the end if it is not at the end already. diskSize (286748000) AlternateLBA (570310655) LastUsableLBA (570310622) NewLastUsableLBA (286747966)
Error: Can’t have a partition outside the disk!
Unable to read partition table for device /vmfs/devices/disks/naa.5000c501234597a333

Apparently deleting the RAID array didn't fully erase all of the previous partition information. Now it needs to be cleared manually.

4. Run the following to clear it: "partedUtil setptbl /vmfs/devices/disks/naa.5000c501234597a333"
That's all there is to it. By creating a msdos partition on the disk it will clear the previous error and allow esxi to create a datastore there with no errors.

Friday, July 01, 2016

After logging into the Exchange ECP with the correct credentials you get just a blank screen with no errors messages. This will almost always happen if you remove a certificate using the certificates MMC or even sometimes if you remove one using the ECP.

Below is what you need to check to fix this problem:

Since this change is not reflected in the backend website you have to make sure that the Exchange ECP site is looking at the same certificate in both locations.

IIS Default Site SSL Certificate

IIS Back End SSL Certificate

The certificate choice in both of these locations have to match exactly then the issue is resolved.

Monday, January 04, 2016

If you aren't running the latest UCS software then certain versions of Java will toss this error. If you need to get logged in and don't have the option for updating the UCS software right away then here's how you can get around it.

Just enable HTTP via SSH and you can then login. Remember to disable this once you have your UCS software and Java versions current because until you do everything is transmitted in clear text.

UCS# scope systemUCS /system# scope servicesUCS /system/services# enable httpUCS /system/services# disable http-redirectWarning: When committed, this closes all web sessionsUCS /system/services# commit
Once this is done now you can connect to the UCS Manager without the error.

Remove-MailboxFolderPermission -Identity "Boss Hog:\Calendar" -user "Roscoe"
Here's also a list of all of the permissions you can assign. HERE is a link to Office support with some details on what each of these permission levels can do.

None

Free/Busy

Free/Busy, Subject, Location

Contributor

Reviewer

Nonediting Author

Author

Publishing Author

Editor

Publishing Editor

Owner

Hopefully this will give you some assistance when you need to edit calendar permissions without the need to login as that user account and then use Outlook to make the edits. Granted that's the GUI route but this works best from an Exchange administrator's perspective.